Should I block it?

Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

updater26766.exe

Discount Buddy by Excellent Apps (Signed)

Version:   1000.1000.1000.1000
MD5:   f2d8ba45fc17aed5ce41fcc3bc606310
SHA1:   c52b69ae45622fd46b097a25dc69b8610b6ab325
SHA256:   a3b404b2e9f6ad98507cfdbb2ad38d3b508bb85fd4e9017f3eabebd86cd2fe39
Warning: 4 antivirus scanners have detected malware.

Overview

updater26766.exe is malware that executes as a process with the local user's privileges, usually within the context of Windows Explorer. It is set to run when the PC boots and the user logs into Windows (it is added to the Run registry key for the current user). The file is digitally signed by Excellent Apps, with a certificate issued by the Thawte certificate authority (CA).

Details

File name: updater26766.exe
Publisher: 215 Apps
Product name: Discount Buddy
Description: Discount Buddy exe
Typical file path: C:\users\user\appdata\local\updater26766\updater26766.exe
Original name: Discount Buddy.exe
File version: 1000.1000.1000.1000
Size: 205.38 KB (210,312 bytes)
Certificate
Issued to: Excellent Apps
Authority (CA): Thawte
Effective date: Tuesday, August 28, 2012
Expiration date: Thursday, August 29, 2013
Digital DNA
File packed: No
.NET CLR: No

Behaviors

Scheduled tasks
  • Entry path '\Updater26766.exe'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Updater26766.exe' → C:\users\user\appdata\Local\Updater26766\Updater26766.exe /extensionid=26766 /extensionname='Discount Buddy' /chromeid=fjbgonfbgjdmlkjofohofdjnakkfppge /stayidle /delay=300

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection
ESET NOD32 | 7.8243 | a variant of Win32/Toolbar.CrossRider.C
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0215
Vba32 AntiVirus | 3.12.20.2 | suspected of Trojan.Downloader.gen.h
VIPRE Antivirus | 16982 | GamePlayLabs (v)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.00021115%
0.028634%
Kernel CPU: 0.00012817%
0.013761%
User CPU: 0.00008298%
0.014873%
Kernel CPU time: 312 ms/min
100,923,805ms/min
CPU cycles: 16,900/sec
17,470,203/sec
Memory
Private memory: 2.6 MB
21.59 MB
Private (maximum): 3.28 MB
Private (minimum): 1.32 MB
Non-paged memory: 2.6 MB
21.59 MB
Virtual memory: 86.17 MB
140.96 MB
Virtual memory (peak): 93.92 MB
169.69 MB
Working set: 3.2 MB
18.61 MB
Working set (peak): 8.13 MB
37.95 MB
I/O
I/O read transfer: 2 Bytes/sec
1.02 MB/min
I/O read operations: 1/sec
343/min
I/O write transfer: 2 Bytes/sec
274.99 KB/min
I/O write operations: 1/sec
227/min
I/O other transfer: 7 Bytes/sec
448.09 KB/min
I/O other operations: 1/sec
1,671/min
Resource allocations
Threads: 4
12
Handles: 175
600
GUI GDI count: 9
103
GUI GDI peak: 9
142
GUI USER count: 2
49
GUI USER peak: 3
71

Process properties

Integrity level: Medium
Platform: 64-bit
Owner: User
Parent process: explorer.exe (Windows Explorer by Microsoft Corporation)

Threads

Averages
Updater26766.exe (main module)
Total CPU: 0.00014094%
0.272967%
Kernel CPU: 0.00010250%
0.107585%
User CPU: 0.00003844%
0.165382%
CPU cycles: 2,682/sec
5,741,424/sec
Memory: 220 KB
1.16 MB
ntdll.dll
Total CPU: 0.00007707%
Kernel CPU: 0.00005138%
User CPU: 0.00002569%
CPU cycles: 1,021/sec
Memory: 1.66 MB

Distribution by Windows OS

OS version | Distribution
Windows 7 Home Premium | 100.00%

Distribution by country

About 100.00% of Discount Buddy installs are in the United States.

Distribution by PC manufacturer

PC manufacturer | Distribution
Toshiba | 80.00%
Hewlett-Packard | 20.00%